Windows Server 2008 R2 and Windows 7 : Deploying DirectAccess (part 3) - Installing and configuring DirectAccess and network location server

9/9/2012 9:28:04 PM

Installing and configuring DirectAccess and network location server

You are now ready to install the DirectAccess and Network Location Server role services on the DirectAccess server. Perform the following steps to complete these tasks:

Open Server Manager.

Select the Features node and click Add Features link in the middle pane. This will launch the Add Features Wizard.

Select the DirectAccess Management Console feature (see Figure 17). If prompted to add the Group Policy Management feature, select Add Required Features. Then click Next.

Figure 17. Add DirectAccess Management Console Feature.

Click Install to install the selected features.

When the installation is complete, click Close to close the Add Features Wizard.

Open the DirectAccess Management Console from Start | Administrative Tools | DirectAccess Management.

Select the Setup node. You should notice a warning message indicating that the firewall is not configured to allow ICMPv6 Echo requests needed for Teredo. You will need to enable this on the local firewall and then access the management interface again.

Once you have enabled ICMPv6-Echo requests, the DirectAccess Management console setup node should display the configuration window as seen in Figure 18.

Figure 18. DirectAccess Setup.

Click the Edit button under Step 1—Remote Clients.

Add the Active Directory groups that contain computers you wish to allow to use DirectAccess. Then click Finish. You can create custom groups to limit DirectAccess usage only to computers you add to those groups.

Next click the Configure button under Step 2—DirectAccess server.

Designate which adapter will be connected externally facing the Internet. This is the adapter that inbound connections will connect to. Next designate the adapter to be used for communications to the internal local area network (See Figure 19). This is the adapter that the DirectAccess server will pass traffic from the outside to, so that it can access internal resources. After selecting adapters, click Next.

Figure 19. DirectAccess Network Adapter configuration.

You now need to select the certificates that the DirectAccess server will use to provide connectivity (See Figure 20). You will need to select both the certificate of the certificate authority, and the local machine certificate used to secure DirectAccess communications. After selecting certificates, click Finish to complete Step 2.

Figure 20. DirectAccess Server Certificate selection.

Click the Configure for Step 3—Infrastructure Servers. The first option you need to configure is the location server. In our example, we installed the location server on the same server as DirectAccess. If the location server is collocated on the DirectAccess server, select the option Network Location server is running on the DirectAccess server and then select the certificate used to secure communications for the Network Location Server (See Figure 21). After selecting the Network Location Server click Next.

Figure 21. Network Location Server Certificate selection.

On the next screen, specify the DNS servers and domain controllers to be used by the DirectAccess server. After specifying DNS and DCs, click Next.

You can optionally specify the IP address or IP prefix of servers that can manage clients connected via DirectAccess. For example, you could enter the IP addresses of antivirus management servers and software deployment servers here. This will allow those servers to initiate communications to DirectAccess connected clients. After entering the IP or IP prefix of management servers, click Finish.

Finally, you need to specify any application servers that you want to allow DirectAccess clients to connect to. Click Configure under Step 4—Application Servers.

If you want to provide end-to-end authentication, select that option and choose the domain groups that contain computers that DirectAccess clients should be able to access. If you do not need to provide full end-to-end authentication then select the option Require no additional end-to-end authentication. Then click Finish.

Now that you have completed all four configuration steps, click the Finish button on the main DirectAccess configuration page. You will be prompted with a DirectAccess review page. Verify all DirectAccess settings and click Apply as seen in Figure 22.

Figure 22. Review DirectAccess configuration settings.
  •  Windows Server 2008 R2 and Windows 7 : Planning to Deploy Directaccess
  •  Iwork Pro : Export Strength
  •  Is It Time To Ditch Windows Search? (Part 4) - Power tools,Search for files over Wi-Fi, Search your PC from your mobile phone
  •  Is It Time To Ditch Windows Search? (Part 3) - Search across the LAN
  •  Is It Time To Ditch Windows Search? (Part 2) - Search within files
  •  Is It Time To Ditch Windows Search? (Part 1) - Simple filename searches
  •  In Search Of The Perfect Mid-Tower (Part 4) - Thermaltake Level 10 GTS
  •  In Search Of The Perfect Mid-Tower (Part 3) - Corsair Obsidian 550D, NZXT Phantom 410 Gunmetal Edition
  •  In Search Of The Perfect Mid-Tower (Part 2) - Corsair Vengeance C70, MSI Ravager
  •  In Search Of The Perfect Mid-Tower (Part 1) - Antec Eleven Hundred, Silverstone Temjin Tj04-E
  •  Rebuilding The Dream (Machine) (Part 3)
  •  Rebuilding The Dream (Machine) (Part 2)
  •  Rebuilding The Dream (Machine) (Part 1)
  •  Toshiba Satellite C840 Review (Part 2)
  •  Toshiba Satellite C840 Review (Part 1)
  •  Maintaining Your Windows XP System : Checking Your Hard Disk for Errors (part 2) - Checking Free Disk Space, Deleting Unnecessary Files
  •  Maintaining Your Windows XP System : Checking Your Hard Disk for Errors (part 1)
  •  BenQ XL2420T : Best 3D monitor
  •  Falcon Northwest Tiki: Size really doesn't matter
  •  Thermalright Silver Arrow Sb-E
    Top 10
    Top 10 Televisions – Jan 2013
    What New Technology Will 2013 Bring Us? (Part 2)
    What New Technology Will 2013 Bring Us? (Part 1)
    Get The Best Value Home Network (Part 2)
    Get The Best Value Home Network (Part 1)
    HCL Me Y2 - Pleasantly Surprised
    How To Find The BEST DEALS (Part 2)
    How To Find The BEST DEALS (Part 1)
    How To Make The Most Of The Second Hand Market (Part 2)
    How To Make The Most Of The Second Hand Market (Part 1)
    Most View
    Transphone – The Budget Phone And Tablet Combo
    Sharepoint 2010 : Deploying Transport-Level Security for SharePoint
    Exchange Server 2007 : Configure the Client Access Server - Enable POP3 and IMAP4
    Windows Phone 8 - A New Beginning
    My ipad : Presentations with Keynote - Organizing Slides
    iPhone 3D Programming : Adding Depth and Realism - Filling the Wireframe with Triangles
    Windows Server 2008 R2 Benefits for Administration
    sharepoint 2010 : Utilizing Security Templates to Secure a SharePoint Server
    Java EE 6 : New features introduced in Servlet 3.0 (part 1)
    Gigabyte GA-Z77X-UD3H : Everything, With Everything Else
    Microsoft Sued Comet For Making 94,000 Copies Of Counterfeit Windows
    HTC Desire C - Does It Have Anything Good?
    Android Market Under Threat From ‘RuFraud’
    Designing a Windows Server 2008 R2 Active Directory : Understanding the Single Domain Model
    Understanding the Capabilities of SharePoint 2010
    Windows 7 : Managing Other People’s User Accounts (part 1)
    ZOTAC GTX 650 TI – It’s Time To Play
    Macro Marvels (Part 1)
    Rollout Strategy in Group Policy of Windows Vista
    The Best iPhone Car Accessories